Slashdot Mirror


Should You Hire a Hacker?

fabioj writes "Business Week has an article about today's debate at the RSA Security Conference held at the Moscone Center attended by Kevin Mitnick and his 1995 trial prosecutor, Christopher Painter. Interesting to note that Painter doesn't see Kevin Mitnick's experiences as a deterrent for the 'up-and-coming technology workforce' to criminally hack."

4 of 647 comments (clear)

  1. Obsolescence... by ari_j · · Score: 5, Interesting

    Most caught crackers are going to bring special, outdated skills to the job.

  2. Prior Art by R_V_Winkle · · Score: 5, Interesting

    I am not in a position where I can affirm that Mr. Mitnick is reformed and can be trusted. However, I disagree with statements such as "Criminals are Criminals".

    And in answer to the assumption that Fortune 500 would not hire a criminal for his services, I would like to point out that many of these companies have hired Mr. Frank Abagnale in the past, who first made himself famous for check fraud before working with the FBI and then creating his own consulting firm. He is an example that an ex-criminal can become successful by using the same skills that made him a criminal in the first place, and that law enforcement and big companies do sometimes hire such people for their services.

  3. I think I might have some insight here... by Cap'n+Crax · · Score: 5, Interesting

    Once upon a time, I was a hacker. I've always been into computers, since I first encountered a TRS-80 in 1977. I'm 36 now. I'm still using my original handle from those days, and wrote an article for Phrack in '85. I actually was one of the people who helped talk Craig (Neidorf, "Knight Lightning") into starting it as an online magazine. I've always believed in freedom of information.

    In those early days, there were LOTS of us (young people) who were into computers and were fascinated by them. But there was no internet, and those of us in small towns (like myself) had NO means to communicate with others with the same interests, other than BBS system using a 300 baud modem, or 1200 baud if you could possibly afford it.

    So, at that time, if you wanted to learn and communicate, one of the first things you would do would be to call BBS's all over the US. But phone charges were high!! And the parents didn't like that!! So -- you would ask around. And soon, you'd find out about "hacking." Hacking local systems to use TELENET (not telnet), hacking local business PBX systems to get an outside line, which were usually 3-digit "passwords" in those days, or using "codes" to dial out using Sprint, MCI, or TMC (My article for Phrack was on TMC hacking.)

    Was it illegal? Yes. It was also amazingly simple. At that time, you would dial a local access number, enter a code (sometimes only 4 digits), enter a # to call, and it would go through. You could use a phone code for a month or more usually, until the customer got the bill and complained. I guess phone co. insurance picked up the tab. I never really cared.

    Pretty much my entire interest in and knowledge of computing and networking came from these early "hacking" experiences. I don't regret them. And I'm the most honest person you could hope to meet. Had there been an "internet" or ANY way to communicate with other computer folks, I would have used it. I pride myself on my honesty and don't steal, rob, rape, pillage or murder. I just like to learn new stuff.

    And, at that time, that was how it was done. Mitnick came from that era, and I think he was screwed unforgivably. I'm now a partner in a company that does some security work. Would I hire him? Absolutely, I know just where he's from.

    --
    PK: 09F911029D74E35BD84156C5635688C0
  4. Morality, is it absolute? by The+Only+Druid · · Score: 5, Interesting

    I know this wont be a popular viewpoint here on slashdot, but perhaps we shouldn't reward people who break laws [by hacking] by giving them a job?

    I dont mean to suggest either that (a) we should ignore a potentially powerful resource, or that (b) all hackers are necessarily immoral. However I personally would be quite upset if I were a security advisor who abstained from illegal activity, and a former hacker was hired to either replace or supervise me.

    Also, from a devil's advocate position, I'm thinking this is akin to the hiring of former insider-traders to work on preventing further cheating. Basically, we're inviting the dog back into the pantry.

    Please dont mod this as a troll, since I'm being serious here.

    --
    "Stumble before you crawl"